Advertisement

Generic Predefined Privacy Preferences for Online Applications

  • Mike Bergmann
Conference paper
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 262)

Abstract

Every day users disclose various kinds of personal data using the Internet for daily activities. The disclosed data in summary may draw a perfect picture of them. Up to now it is difficult for end users to decide what to disclose and what to hide. We try to support the user in this task and propose a limited set of applicable predefined privacy preferences taking privacy principles into account. We will apply these preferences for typical online activities to evaluate and to enhance them. We elaborate the dependencies and correlations between the privacy preferences and application scenarios. As a final result and based on the proposed privacy preferences we introduce a privacy-enhancing data disclosure splitting guiding the user step by step through the process of data disclosure.

Keywords

Business Process Privacy Policy Personal Data Policy Language Online Application 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    W3C. Platform for Privacy Preferences, April 2002. Online available at http://www.w3.org/TR/P3P/.Google Scholar
  2. 2.
    L. Cranor. P3P: Making privacy policies more useful. IEEE Security and Privacy, pages 50-55, 2003.Google Scholar
  3. 3.
    Marit Hansen and Ammar Alkassar. A study on network protocols and privacy-aware communication. Technical report, FIDIS Deliverable D3.8, Frankfurt/Main, November 2007.Google Scholar
  4. 4.
    W3C Policy Language Interest Group. PLING Charter. available online at http://www.w3.org/Policy/2007/ig-charter.html.Google Scholar
  5. 5.
    A. Whitten and J.D. Tygar. Why Jonny Cant Encrypt: A Usability Evaluation of PGP 5.0. In Proceedings of the Ninth USENIX Security Symposium, 1999.Google Scholar
  6. 6.
    Gritta Wolf and Andreas Pfitzmann. Properties of protection goals and their integration into a user interface. In Computer Networks: The International Journal of Computer and Telecommunications Networking, volume Volume 32, pages 685-700, New York, NY, USA, May 2000. Computer Networks, Elsevier North-Holland, Inc.Google Scholar
  7. 7.
    Mike Bergmann, Martin Rost, and John Sören Pettersson. Exploring the feasibility of a spatial user interface paradigm for privacy-enhancing technology. In Proceedings of the Fourteenth International Conference on Information Systems Development, Karlstad, August 2005. Springer-Verlag.Google Scholar
  8. 8.
    Sebastian Clauß and Thomas Kriegelstein. Datenschutzfreunliches Identitätsmanagement. DuD Datenschutz und Datensicherheit, 27:297, 2003.Google Scholar
  9. 9.
    John Sören Pettersson, Simone Fischer-Hübner, Ninni Danielsson, Jenny Nilsson, Mike Bergmann, Sebastian Clauß, Thomas Kriegelstein, and Henry Krasemann. Making PRIME usable. In Symposium on Usable Privacy and Security, Carnegie Mellon University, Pittsburgh, PA, USA, July 2005. Carnegie Mellon University.Google Scholar
  10. 10.
    Council of Europe. Data Protection Directive 1995/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Online available at http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML.Google Scholar
  11. 11.
    Andreas Pfitzmann and Marit Hansen. Anonymity, unobservability, and pseudonymity — a proposal for terminology. In Proceedings of WS on Design Issues in Anonymity and Unobservability, Designing Privacy Enhancing Technologies, LNCS 2009, Proceedings of the Fourteenth International Conference on Information Systems Development, Heidelberg, August 2001. LNCS. Revised version 0.29 of July, 31st 2007; Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management — A Consolidated Proposal for Terminology; available at http://dud.inf.tu-dresden.de/Anon_Terminology.shtml.Google Scholar
  12. 12.
    Wikipedia. Help:Contents/Getting started — Wikipedia, The Free Encyclopedia, 2007. [Online accessed 19-May-2007] http://en.wikipedia.org/wiki/Help:Contents/Getting_started.Google Scholar
  13. 13.
    O. Berthold, H. Federrath, and M. Köhntopp. Project “Anonymity and Unobservability in the Internet”. In Proc. Workshop on Freedom and Privacy by Design /Conference on Freedom and Privacy 2000, pages 57-65, Toronto/Canada, April 4-7 2000. ACM.Google Scholar
  14. 14.
    Michael Barbaro and Tom Zeller Jr. A face is exposed for AOL searcher No. 4417749. New York Times Online, August 2006. http://www.nytimes.com/2006/08/09/technology/09aol.html?ex=11754 00000&en=fd9b0c3b15c36970&ei=5070.Google Scholar
  15. 15.
    Mike Bergmann. PRIME internal privacy preferences survey about privacy concerns and conditions. In Technical Report TUD-FI01-04-Mai 2007, Technische Universität Dresden, Saxony, Germany, May 2007. Technische Universität Dresden. http://dud.inf.tu-dresden.de/~mb41/publications/TUD-FI07-04_Mai2007.pdf.Google Scholar
  16. 16.
    Google Inc. Google Mail Privacy Policy, 2007. Online; accessed 20-May-2007; http://mail.google.com/mail/help/intl/en-GB/privacy.html.Google Scholar
  17. 17.
    David Chaum. Security without identification: Transaction systems to make big brother obsolete. In Communications of the ACM, volume 28, No. 10, pages 1030-1044, October 1985.Google Scholar
  18. 18.
    Birgit Pfitzmann, Michael Waidner, and Andreas Pfitzmann. Rechtssicherheit trotz Anonymitt in offenen digitalen Systemen. Datenschutz und Datensicherung DuD, 14/5-6:243-253, 305-315, 1990. translated into English: Secure and Anonymous Electronic Commerce: Providing Legal Certainty in Open Digital Systems Without Compromising Anonymity, IBM Research Report RZ 3232 93278) 05/22/00, IBM Research Division, Zurich (May 2000).Google Scholar
  19. 19.
    Sebastian Clauß and Marit Köhntopp. Identity management and its support of multilateral security. Computer Networks, 37:205–219, 2001.CrossRefGoogle Scholar
  20. 20.
    SET Secure Electronic Transaction LLC. The set standard specification, May 1997. originally at http://www.setco.org/set_specifications.html; now mirrored at http://www.cl.cam.ac.uk/research/security/resources/SET/.Google Scholar
  21. 21.
    Fulup Ar Foll. Liberty Alliance From Usecases to Specifications, Jan 2007.Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Mike Bergmann
    • 1
  1. 1.Technische Universität DresdenGermany

Personalised recommendations